If this is your first visit, be sure to
check out the Forum Rules by clicking the
link above. You may have to register
before you can post: click the register link above to proceed. To start viewing messages,
select the forum that you want to visit from the selection below.

Re: Getting passwords to display in Ettercap

In backtrack, look for the file "etter.fields" at /usr/local/share/ettercap/ . This file contains a list of the the form fields (username and password) that ettercap would recognize by its HTTP dissector and you can also add your own fields to this file. By default, the form field "userpass" is not an entry in the etter.fields file. Simply adding this to the list should do the trick. The field "pass" is already listed by default and is the reason why ettercap is able to extract the password.

Re: Getting passwords to display in Ettercap

Re: Getting passwords to display in Ettercap

It was my understanding that ettercap used dissectors to pick user names and passwords from packets. In /etc/etter.conf dissectors are mapped to ports with 80 mapped to the http dissector. Looking through ec_http.c (the dissector I thought was being used) it appeared that ettercap was parsing the file and would return any variant of user name and password.

I am wondering when ettercap uses the dissectors because I am lazy and would prefer it to just parse the the traffic for all sites automatically.

Re: Getting passwords to display in Ettercap

The code that you copied only shows variable declarations and what happens if a particular file cannot be opened/read. Nothing more. Perhaps you didn't copy the entire code branch that you intended to?